Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. Oracle Enterprise Manager provides tools and procedures to help you ensure that you are managing your Oracle environment in a secure manner. To ensure that only users with the proper privileges have access to critical monitoring and administrative data. This goal is met by requiring username and password credentials before users can access the Enterprise Manager consoles and appropriate privileges for accessing the critical data.
To ensure that all data transferred between Enterprise Manager components is transferred in a secure manner and that all data gathered by each Oracle Management Agent can be transferred only to the Oracle Management Service for which the Management Agent is configured. To ensure that sensitive data such as credentials used to access target servers are protected. To ensure that access to managed targets is controlled through user authentication and privilege delegation.
This goal is met by configuring the Management Agent with PAM and LDAP for user authentication and using privilege delegation tools like Sudo and PowerBroker.
Enterprise Manager authentication is the process of determining the validity of the user accessing Enterprise Manager.
Enterprise Manager's authentication framework consists of pluggable authentication schemes that let you use the type of authentication protocol best suited to your environment. Oracle Enterprise Manager 12c relies on the WebLogic Server for external Authentication methods. Oracle Access Manager (OAM) SSO - Oracle Access Manager is the Oracle Fusion Middleware single sign-on solution. SSO-Based Authentication: The single sign-on based authentication provides strengthened and centralized user identity management across the enterprise.
Enterprise User Security Based Authentication: The Enterprise User Security (EUS) option enables you to create and store enterprise users and roles for the Oracle database in an LDAP-compliant directory server.
Oracle Internet Directory (OID) Based Authentication - Oracle Internet Directory is a LDAP v3 compliant directory built on the Oracle database and is fully integrated into Oracle Fusion Middleware and Oracle Applications. Microsoft Active Directory Based Authentication - Microsoft Active Directory is a directory service that provides authentication and authorization functionality in a Windows network. On this page, you can specify the type of administrator account being created and select the password profile.
If you select the Expire Password Now checkbox, the password for administrator account will be set to an expired state. When using an Oracle Access Manager Single Sign-On authentication scheme, the underlying identity stores will consist of Enterprise Directory Identity Stores supported by Oracle Access Manager. The Oracle Access Manager Single Sign-On server is configured with Oracle HTTP server, Web Gate, and the Oracle Access Manager Identity Store. If you are currently using Oracle Application Server Single Sign-On to control access and authorization for your enterprise, you can extend those capabilities to the Enterprise Manager console. You can configure Enterprise Manager to use one of the default Oracle Application Server Single Sign-On or Enterprise User Security features, but not both. When Enterprise Manager is configured to use Single Sign-On with Server Load Balancer, make sure that the correct monitoring settings have been defined.
Note1: host, port, and protocol refer to the Enterprise Manager host, port and the protocol (http or https) used. Note2: The em_host, em_port, email and Enterprise Manager Partner Name must be replaced with the appropriate values and not typed as shown in this example.
After you have configured Enterprise Manager to use the Single Sign-On logon page, you can register any Single Sign-On user as an Enterprise Manager administrator.
From the Setup menu, select Security, then select Administrators to display the Administrators page.
Because Enterprise Manager has been configured to use Single Sign-On, the first page in the Create Administrator wizard now offers you the option of creating an administrator either as an External User or as Repository User.
Enter the name and e-mail address of the External User Identity Store user, or click the flashlight icon to search for a user name in the Oracle Internet Directory. Use the rest of the wizard pages to define the roles, system privileges, and other characteristics of the Enterprise Manager administrator and then click Finish. Enterprise Manager displays a summary page that lists the characteristics of the administrator account. The External User Identity Store user is now included in the list of Enterprise Manager administrators. This command creates a user with the name ssouser who is authenticated against the single sign-on user. This parameter allows the administrator to provide the values for any of these arguments in an input file.
If you have updated files like httpd.conf (for example, while installing WebGate), rollback them. Enterprise User Security enables you to create and store Oracle database information as directory objects in an LDAP-compliant directory server. If you currently use Enterprise User Security for all your Oracle databases, you can extend this feature to Enterprise Manager. Ensure that you have enabled Enterprise User Security for your Oracle Management Repository database, as well as the database targets you will be managing with the Cloud Control console.
The next time you use the Oracle Enterprise Manager console to drill down to a managed database, Enterprise Manager will attempt to connect to the database using Enterprise User Security. After you have configured Enterprise Manager to use Enterprise Users, you can register existing enterprise users as Enterprise Manager Users and grant them the necessary privileges so that they can manage Enterprise Manager effectively. From the Setup menu, select Security then select Administrators to display the Administrators page. Enter the name and e-mail address of the Oracle Internet Directory user or click the flashlight icon to search for a user name in the Oracle Internet Directory. This command registers the eususer as an Enterprise Manager user where eususer is an existing Enterprise User. You can implement an OID-based authentication scheme to have Enterprise Manager authenticate users against the OID. For Enterprise Manager deployments consisting of multiple OMS instances, emctl config auth oid must be run on each OMS. Use the WebLogic Server Administration Console (Users and Groups tab) to check whether the OID configuration has been successful. Enterprise Manager uses the authentication capabilities provided by the Oracle WebLogic Server that is part of the OMS. Ensure Enterprise Manager Cloud Control 12c is installed and configured properly and that you can log in as a user with Super Administrator privileges. Active Directory Principal (User created to authenticate with Active Directory for the Oracle WebLogic Server. The Principal User created in Active Directory that will be used to authenticate WebLogic Server.
The User Base Distinguished Name is the container location of valid users who will be granted access to ENTERPRISE MANAGER. In the Users section, set the User Base DN to the value provided by your Active Directory administrator. In the Authentication Providers section, click Reorder and move your new provider to the top of the list.
If you do not want all users created automatically, you must manually create them using the EM CLI (after restart). The users will not show up in the Enterprise Manager Administrators UI until they have logged in once.
To assign a group of privileges to the LDAP users, you can create an external role with the same name as the LDAP group.
An Active Directory user must be deleted from Enterprise Manager to remove access to Cloud Control. Removing Active Directory authentication will remove all Active Directory user accounts from Enterprise Manager.
Giving the same level of access to all systems to all administrators is dangerous, but individually granting access to tens, hundreds, or even thousands of targets to every new member of the group is time consuming.
This section describes Enterprise Manager's Authorization model including user classes, roles, and privileges assigned to each user class. Oracle Enterprise Manager supports different classes of Oracle users, depending upon the environment you are managing and the context in which you are using Oracle Enterprise Manager. The Enterprise Manager administrators you create and manage in the Cloud Control console are granted privileges and roles to log in to the Cloud Control console and to manage specific target types and to perform specific management tasks. By restricting access to privileged users and providing tools to secure communications between Oracle Enterprise Manager 12c components, Enterprise Manager protects critical information in the Oracle Management Repository.
The Management Repository contains management data that Enterprise Manager uses to help you monitor the performance and availability of your entire enterprise.
Super Administrator: Powerful Enterprise Manager administrator with full access privileges to all targets and administrator accounts within the Enterprise Manager environment.
The types of management tasks that the administrator can perform and targets that he can access depends on the roles, system privileges, and target privileges that he is granted. When Enterprise Manager is installed, the SYSMAN user (super administrator) is created by default.
A role is a collection of Enterprise Manager resource privileges, or target privileges, or both, which you can grant to administrators or to other roles.
Out-of-Box Roles: Enterprise Manager Cloud Control 12c comes with predefined roles to manage a wide variety of resource and target types.
Role has privileges to design Enterprise Manager operational entities such as Monitoring Templates.
Role has privileges to manage the Enterprise Manager infrastructure such as managing plug-in lifecycle or managing self update. Role for creating, editing, deploying, deleting and granting privileges for any patch plan. Target Privileges: These privileges allow an administrator to perform operations on a target.
Ability to clear events, re-evaluate metric alert events, create incidents, add events to incidents, and define what actions the administrator can perform on individual incidents, such as acknowledgment or escalation. Ability to associate a template collection to a administration group and Sync targets with the associated template collections.
Resource: These privileges allow a user to perform operations against specific types of resources. Write for OTN Earn money and promote your technical skills by writing a technical article for Oracle Technology Network. Enterprise Manager Framework Security automates the process of securing the Enterprise Manager components installed and configured on your network.
The authentication feature is available across the different interfaces such as Enterprise Manager console and Enterprise Manager Command Line Interface (EM CLI).
For this reason, Enterprise Manager 12c can be authenticated using any authentication method supported by Oracle WebLogic Server. The underlying identity stores will be the Enterprise Directory Identity Stores being supported by Oracle Access Manager.
After you have configured Enterprise Manager to use the Oracle Application Server Single Sign-On, you can register any single sign-on user as an Enterprise Manager administrator. If the managed databases are configured with EUS, the process of logging into these databases is simplified. Thus, it is ideally suited for Oracle environments or enterprises with Oracle database expertise. When using a Microsoft Active Directory as an identity store, you can plug in this scheme to have your applications authenticate users against the Microsoft Active Directory. Each administrator account includes its own logon credentials as well as a set of roles and privileges that are assigned to the account. The password cannot be changed by the administrator if the Prevent Password Change checkbox is selected. If the password has expired, when you log in the next time, the following screen is displayed and you are prompted to change the password. This section provides instructions on how to configure OAM SSO-based authentication schemes. However, you can configure Enterprise Manager so it uses Oracle Application Server Single Sign-On to authenticate your Enterprise Manager users. You can now verify the account by logging out of the Cloud Control console and logging back in using the External User Identity Store user credentials on the Single Sign-On logon page.
Since the password is set to expire immediately, when the user logs in for the first time, he is prompted to change the password. For example, an administrator can create and store enterprise users and roles for the Oracle database in the directory, which helps centralize the administration of users and roles across multiple databases. Configuring Enterprise Manager for use with Enterprise User Security simplifies the process of logging in to database targets you are managing with the Oracle Enterprise Manager console. If successful, Enterprise Manager will connect you to the database without displaying a logon page. Since Enterprise Manager has been configured to use Enterprise Users, the first page of the Create Administrator wizard will provide the option to create an administrator based on a registered Oracle Internet Directory user or a normal database user.


You can now verify the account by logging out of the Cloud Control console and logging back in using the OID user credentials on the Single Sign-On logon page. If you are using Microsoft Active Directory as an identity store, you will need to configure it with the Oracle WebLogic Server which is part of the OMS.
It must be in the Administrators group and belong to the correct Organizational Unit designated in the User base DN. You can set a flag to auto-provision all users, or you can manually create them as external users using EM CLI.
Once the users are authenticated, they will inherit the permissions and privileges granted to the external role automatically. If the user remains in Active Directory, they should be removed from any Groups assigned privileges through External Roles to ensure they cannot log in again if auto-provisioning is enabled. With Enterprise Manager's administrator privileges and roles feature, this task can be performed within seconds, instead of hours.
The default super administrator for the Cloud Control Console is the SYSMAN user, which is a database user associated with the Oracle Management Repository. This data provides you with information about the types of hardware and software you have deployed, as well as the historical performance and specific characteristics of the applications, databases, applications servers, and other targets that you manage. Each administrator account includes its own login credentials, as well as a set of roles and privileges that are assigned to the account.
The Super Administrator, SYSMAN is created by default when Enterprise Manager is installed.
The Super Administrator can choose to let certain administrators perform only certain management tasks, or access only certain targets, or perform certain management tasks on certain targets. They are designed to control user access to data and to limit the kinds of SQL statements that users can execute.
The SYSMAN Super Administrator then creates other administrator accounts for daily administration work.
These roles can be based upon geographic location (for example, a role for Canadian administrators to manage Canadian systems), line of business (for example, a role for administrators of the human resource systems or the sales systems), or any other model. It provides the ability to create and view chargeback plans, chargeback consumers, assign chargeback usage, and view any CaT targets. This role could be responsible for deploying the cloud infrastructure (servers, pools, zones) and infrastructure cloud operations for performance and configuration management. It gives the capability to create and view consolidation plans, consolidation projects and view any CaT targets.
This role can define quotas and constraints for self service users and grant them access privileges.
This role can be customized at site level to group privileges that need to be granted to all administrators. This role is unique in that it is automatically assigned to all new non-super administrators when they are created.
By following the best practice, even the repository owner and the SYSDBA will not be able to access the sensitive data. By using this option, you can take advantage of all the benefits that this authentication method provides like password control via password profile, enforced password complexity, password life time, and number of failed attempts allowed. You can then enter your single sign-on credentials to access the Oracle Enterprise Manager console. When you drill down to a managed database, Enterprise Manager will attempt to connect to the database using Enterprise Manager credentials.
When using an authentication scheme based on Oracle Internet Directory as the identity store, you can have your applications authenticate users against the OID. Instead of seeing the Enterprise Manager logon page, users will see the standard Oracle Application Server Single Sign-On logon page.
If the attempt to use Enterprise User Security fails, Enterprise Manager will prompt you for the database credentials. Tuning and modification of advanced OID configuration parameters is carried out through the WebLogic Server Administration Console and not the emctl config auth oid command.
The following procedure demonstrates how to set up Enterprise Manager authentication using Microsoft Active Directory.
More complex configurations can be implemented with additional knowledge of LDAP search filters. Authorization controls the access to the secure resources managed by Enterprise Manager via system, target, and object level privileges and roles. You define the password for the SYSMAN account during the Enterprise Manager installation procedure.
The Management Repository also contains information about the Enterprise Manager administrators who have the privileges to access the management data.
When creating a user, you grant privileges to enable the user to connect to the database, to run queries and make updates, to create schema objects, and more.
The SYSMAN account should only be used to perform infrequent system-wide, global configuration tasks.The Super Administrator divides workload among his administrators by filtering target access, or filtering access to management task, or both through the roles, System Privileges, and Target Privileges he grants them. Administrators do not want to perform the task of individually granting access to tens, hundreds, or even thousands of targets to every new member of their group.By creating roles, an administrator needs only to assign the role that includes all the appropriate privileges to his team members instead of having to grant many individual privileges. If successful, Enterprise Manager will directly connect you to the database without displaying a logon page. From the logon page, administrators can use their Oracle Application Server Single Sign-On credentials to access the Oracle Enterprise Manager 12c Cloud Control console.
To accommodate the many authentication schemes that can exist in a managed environment, Enterprise Manger allows you to configure the credentials for these authentication schemes as well. For example, he can allow some administrators to view any target and to add any target in the enterprise and other administrators to only perform specific operations such as maintaining and cloning on a target for which they are responsible. He can divide workload among his administrators by filtering target access, or filtering access to management task, or both. The Public role should be used to define default privileges you expect to assign to a majority of non-super administrators you create.
The scripts are placed in a shell script wrapper at the Unix level, and then scheduled using the Unix cron job facility. However, planned downtime can be controlled and reduced by Database technology features such as rolling upgrades, or out of place patching. What is costlier to business is unplanned downtime - since employees are idle during this time and corporate web sites are unreachable, resulting in revenue loss as well as prestige loss.
This technology is often implemented in the form of active-passive clusters - such has been the case for many years. In an active-passive cluster, a storage unit known as a LUN (Logical Unit Number) is shared between two servers but only accessed by one primary server at a time. The database files are placed on this LUN, and the Oracle instance starts in memory on the primary server.
As and when Oracle releases new versions of the Oracle database, the future versions of the Oracle Enterprise Manager database plug-in would automatically cater to the new release, and any special feature in that release, making RMAN script maintenance unnecessary.
This is an incremental level 0 cumulative backup that can be used as the basis of an incremental backup strategy. New RMAN features (such as compression, encryption, block change tracking, etc.) would be available when setting up the backup in Enterprise Manager itself.
After this database backup is completed, a control file and SPFILE autobackup are also created, because we identified earlier that we wanted these files to be automatically backed up with each backup. This active-passive technology was the HA norm in the corporate computer centers for many years. The only complaint was that the cluster could automatically and unexpectedly switch over to the passive server, even on very trivial grounds - such as slow network access to the active server, or if the database were shut down for maintenance by a naive DBA. This results in time and cost savings due to increased productivity and automation of the entire approach.
After successful backup, RMAN deletes the archivelogs from their disk location because of the included delete input clause. In the latter case, the cluster monitoring software had to be disabled first before any maintenance work was done on the database. During such a recovery-complete or incomplete-Oracle uses the archive logs to apply all the changes, so as to restore the database to any point of time (the main purpose of archive logging). In this case a single database had instances on multiple servers, and all accessed the same database storage. The first versions were known as Oracle Parallel Server (OPS), however at that time the clustering technology was primitive and used the shared storage itself as the method to transfer blocks from node to node.
When the home page appears (make sure you are logged in to the database with SYSDBA credentials), set up the Fast Recovery Area (FRA) to help automate the backups. In the past, DBAs had to perform a manual restore of the archive logs from their compressed Unix tape archiving (or tar) archives and then place the restored archive logs in a directory accessible by the Oracle-controlled recovery. This had performance limitations and was very complex to set up, and consequently implementations of OPS were rare, and DBAs who knew OPS could command a large pay packet.
This kind of manual searching and restoring of the archive logs is no longer needed in the case of RMAN, which automatically locates the archive log backup sets needed and extracts the archive logs required for the recovery. This introduced the latest Oracle technology of Cache Fusion - where, in a technical breakthrough, the database used the memory (cache) of the nodes for the first time to transfer requested blocks across the interconnect.
The first two subdirectories will be used for the backup and the autobackup, and the archivelog subdirectory will be used to store normal archive logs that are generated by the database in archivelog mode. This technique improved cross-instance block-access performance dramatically, and made Oracle Database 9i Real Application Clusters (RAC) a very practical and scalable alternative to the active-passive technology. It is possible to resize the FRA later on, but if it runs out of space, archive logs (if in Archivelog Mode) may stop being generated, and the database will not process any transaction after that unless the space issue is resolved. This happens every time a backup is taken and if the directory structure up to the day level doesn't exist, it is created. As we can see in the RMAN output, another control file and SPFILE autobackup takes place after the archive logs backup.
Once configured, these autobackups will automatically occur after any RMAN database backup or archive logs backup completes. Because the load is shared across all nodes, the RAC cluster can scale out horizontally - something that is impossible for an active-passive cluster to achieve, unless the application and database are broken up into pieces. The names of the backup files and archive log files have been catalogued by RMAN and exist as entries in the control file records.
During the RMAN maintenance activities that are started by the maintenance commands you included (including the extra ones we had listed), these entries are crosschecked to verify that they physically exist on disk.
There is no need to do this in the RAC configuration so far as the majority of applications are concerned.
And you can start with a small number of RAC nodes, rather than initially deploy a large server to accommodate future growth In late 2009, a new HA technology was introduced by Oracle - Oracle RAC One Node in Oracle 11g Release 2. Selecting a larger parallelism will increase the number of concurrent RMAN streams to the disk backup location; use this feature with care, since it depends on how much the disk can handle. This was RAC running on one node in a cluster with failover protection, the same as the active-passive scenario. Using such a setting will increase the speed of the backup, but this will also depend on the disk subsystem structure. Similarly, since the database backup, archivelog backup, and the autobackup in this job have succeeded, the entries of the previous backup and autobackup files are checked to see if they still need to be retained, as per the retention policy. The difference is that RAC One Node can easily be upgraded online to a full active-active RAC cluster. In the case of obsolete records, the actual physical backup files are also deleted from the disk. All the active-passive or active-active RAC servers in the one site hit by the disaster would be down! We need a genuine Disaster Recovery (DR) solution, with servers ready to take over at a totally different site - distant enough not to be effected by the disaster at the primary site.
A manual standby database was the main instrument - this being in the days before Oracle 7.3. The technique was very primitive, but laid the groundwork for Oracle's ongoing concept of the Standby database.
The steps performed were basically as follows: Install the Oracle database software on the standby server. The test will write some test backup files to the disk backup location, and let you know if successful. Oracle's integrated secure tape backup management system, OSB provides an alternative to third-party tape backup solutions that may not be tightly integrated with Oracle RMAN and Oracle Enterprise Manager. Sometimes there arose gaps in log application - in case the archive logs were not transported to the standby server due to network failure. Or, even if transported, they were not applied on the standby due to some reason such as unauthorized deletion, or maybe hard disk corruption. This will create a level 1 cumulative incremental backup, as opposed to the level 0 backup that is taking place each Sunday. This is because they use the Oracle Database Server Standard Edition (SE) Database software - and only the Oracle Database Server Enterprise Edition (EE) allows the use of the latter-day advanced standby technology from Oracle.
The other new feature introduced at that time was Managed Database Recovery, which automatically applied the transferred archive logs on the standby. Since you are using the nocatalog mode of RMAN, it is of utmost importance to ensure the safety of the control file and make certain it is backed up, because the control files contains the history of all the backups.


You had to download Oracle Data Guard separately from the Oracle Technical Network (OTN), and then unzip it in a subdirectory under your Oracle Home.
It also had a command line interface, Data Guard Control (dgdctl) which allowed you to perform a switchover or a failover to the standby database quite easily.
Consequently, an incremental cumulative backup will be performed daily that updates the datafile copies with all the changes.
This feature was introduced in Oracle 10g and helps considerably to increase the speed of incremental backups, since all database block changes are tracked in this special file (only tens of MB in size).
The RMAN process in this case will not need to scan the entire datafile for changed blocks, when taking incremental backups.
A new Oracle background process DMON was now started specifically for the Data Guard broker, along with all the other background processes. The advantage is that you can easily switch over to this backup and use it as a production database in the case of an emergency, without any restore of the backup or recovery of the database. But the setup, configuration and maintenance of Data Guard increased correspondingly in complexity, and human error became more likely in the entire process - especially if you had multiple primary databases and their corresponding standbys. However, when the database size is more than, say, 200 GB, it is time to rethink your backup strategy. Oracle created just the right tool - Oracle Enterprise Manager 9i, with a wizard that allowed the setup of Data Guard standbys directly from the Enterprise Manager console.
Select Retain at least the specified number of full backups for each datafile, and enter 1 as the number of backups to retain at any one time - this is your redundancy. You could also perform a switchover or failover to the standby database from Enterprise Manager 9i itself, instead of doing it manually using the Data Guard Command line interface. And regular testing of your RMAN backup of all your databases is one of the DBA's mandatory responsibilities.
In this case, backups would be retained to allow recovery of the database up to the specified number of days.
This further enhanced the setup process of the Data Guard configuration, and also included a monitoring interface for the entire configuration. Grid Control 11g and the latest Cloud Control 12c handle standby database creation and monitoring equally well, and in addition new features such as the Snapshot Standby database are also covered. You can adopt a better backup strategy by taking a full database backup once a week on a Sunday and then an incremental database backup Monday through Saturday. You must take into account the following: The total size of the database The types of backups taken each day (full or incremental) The amount of archive logs generated each day (since archive log backups are also included) The amount of finite space allocated to the database's FRA The database administrator must keep all these factors in mind, and closely monitor the database backup space available over the next few weeks, adjusting the Recovery Window if required or changing the Retention Policy to Redundancy instead of a Recovery Window. Cloud Control 12c excels at streamlining and automating many daily tasks of the DBA - tasks as varied as performance diagnosis, tuning, scheduling database and OS scripts, setting up and scheduling database RMAN backups, besides delivering and applying database patches, and configuration management and monitoring of the application, database, OS, and the server. And of course, you can also easily set up Data Guard configurations, manage the configurations, switchover or failover the database, and monitor the primary and standby databases using Cloud Control 12c - an ideal way to set up disaster recovery capabilities in your company. Assuming that the FRA is set, the archived redo logs that have been backed up and are obsolete as per the retention policy will be deleted by the RMAN maintenance commands. You can take an image copy of all the datafiles of a database once in a while, and then take an incremental backup each day that will actually refresh the image copy of the database with all the incremental changes.
The datafile copies become the same as in production, since they are being brought up to date each day when the incremental backup is run.
The wizard for creating the standby database is a step-by-step, guided, error-free procedure to set up Oracle Data Guard. Using this procedure, you can set up the standby database on any server in your corporate space - provided the Cloud Control 12c agent is already installed and running on that server prior to the actual setup. Technically, you have managed a recovery of the database without performing a restore of the files from backup, and this makes the entire recovery faster and simpler. A lot of time can be saved, customized scripts can be eliminated, and human error greatly reduced. If you use a backup strategy like this, which is based on incrementally updated backups, it can help minimize the media recovery time of your database. Happily, configuring and viewing standby databases using Enterprise Manager is covered under the Base Database Management Features, as explained in the Oracle Enterprise Manager Licensing Information guide. This option deletes the archived redo logs that have been applied or shipped to all remote destinations, and also deletes archived logs after considering whether the specified number of archived log backups have been backed up to a tertiary device. This facility is visible and easily understandable if Oracle Enterprise Manager is used to schedule RMAN backups.
This is a prerequisite since the agent is used to communicate between the targets on the host, and the Oracle Management Service (OMS). In the case of a standby database, there are three main options: None Delete archived redo log files after they have been applied to the standby database Delete archived redo logs after they have been backed up the specified number of times. You can now set up the level 1 incremental backup for every weekday as before, but with this refreshing of the image copy as well, to keep the image copy up-to-date with your production database. As per Oracle Data Guard requirements, the Primary and Standby should have the same Operating System, but the OS patchset release may be different. Once the EM Agent starts communicating with the central OMS, all information about the standby server is available on the central Enterprise Manager site. Backup optimization is ON, controlfile autobackup is ON, and there is a parallelism of 1 using a compressed backupset. Make sure you do not install the Standard Edition (SE), since the use of Data Guard is not allowed with the Standard Edition. This allows you to deploy the Oracle Software from Enterprise Manager itself, from a pre-stored Gold Copy known as a Profile in the Software Library. This capability requires the license for the Enterprise Manager Database Lifecycle Management Pack (DBLM). The DBA can then perform a fast recovery from the available disk-based backup, in case of any production issues, rather than waiting for the tape to be located and the tape backup to be restored to the disk. We are going to set up a full backup of this type on Sundays, as well as a daily incremental backup of the database. This is required for setting up and monitoring Oracle Data Guard in all databases upto version 11g. This is a much sought-after enhancement that has finally been realized in Oracle Database 12c, and means that the management of Data Guard can be achieved without sysdba privileges.
To delete backups marked as obsolete (as per the retention policy), select Delete obsolete backups. Backup Encryption was first introduced in Oracle Database 10g Release 2 and is available for all later versions. You must make sure you are licensed to use this option, because being licensed for the Oracle Database Enterprise Edition (EE) does not automatically mean you are licensed to use the Advanced Security Option.
The wizard is now CDB and PDB aware, and can create a Standby Database from a Container Database.
Also, there will be greater flexibility since you can use either the wallet or the password when the RMAN backup needs to be restored. You can do this if the database is large and you do not want to take an online backup again at this time. For example, if you select days as the frequency type and 1 as the frequency, the back up will run once every day at the time you have specified. In this case the files will be copied by RMAN to the standby server, so a staging area is not required. We suggest 3 AM the following morning so that the backup will start at this time of low activity.
These are the parallel channels to be used by RMAN to copy the database files to the Standby.
The archive logs are deleted after backup, after which the maintenance commands that delete obsolete diskbackups are executed. These actions are derived from what we previously specified in the Cloud Control backup setup and backup schedule wizard pages. Nevertheless, you may want to change the RMAN script to include extra maintenance commands that will crosscheck backups and archivelogs, and delete the backups and archivelogs that have expired. Their main purpose is to enable real time apply of redo data onto the standby, by populating the standby logs with redo data almost at the same time as the redo logs in the primary database.
If you don't use OMF files, you have to specify your own file names and directory locations. You can specify this as the Standby database storage only if an ASM instance is operating on the Standby server.
The list displays only hosts with the same operating system as that of the primary, since this is a requirement of Oracle Data Guard, and Enterprise Manager Cloud Control 12c understands this. The Oracle Home for the standby also needs to be of the same version as the Oracle Home on the primary.
You can refer to My Oracle Support (MOS) Note 413484.1 for a list of Data Guard configurations that are supported. This indicates that the directories you specified will be created automatically since they do not currently exist on the server. First of all, you can set the unique name of the Standby database via the DB_UNIQUE_NAME parameter.
There should be no database with this name elsewhere in the company, it should be a unique name. This is used as the display name of the target on the Enterprise Manager Cloud Control 12c screens.
This is where Data Guard will place the archived redo logs that are received from the Primary database. This starts to create the Standby database using the techniques selected in the Wizard pages, whether using an RMAN backup and copy, or the other methods.
Various Primary and Standby database settings are verified by this step, as can be seen in figure 18. There is a Switch Log button, that archives the current log file group on the Primary database. The Transport lag is the time difference between the last update on the primary database, and the last received redo on the standby. Whereas, the Apply lag is the same difference but pertaining to the last applied redo on the standby. The Administration page also displays the current log of the Primary, and the last received and last applied log on the Standby. A disaster scenario resulting in unplanned downtime would necessitate a failover, whereas a switchover can be used for planned downtime, such as the installation of operating system patches – or a machine upgrade. Here you can modify the Redo Transport Mode to SYNC – the opposite of the default ASYNC. Enterprise Manager Cloud Control 12c shows you all the properties at a glance which aids in understanding the possibilities. This means that logs transported to the standby server will not be applied on the standby database until 15 minutes has passed. If a user now drops a table, and they make the DBA aware of this immediately, the DBA can stop the application of logs on the standby and then make an effort to recover the dropped table from the standby, or failover to the standby if need be. This tab shows the Data Guard connect identifier in use, and the number of Log archive processes.
It can be used for testing, and once completed, can be brought back to its previous state (using Oracle Flashback Technology), and all the redo logs can be applied to bring it back into synch with production as a normal Standby Database. These are important features and the very purpose of using Oracle Data Guard, and are used in scheduled downtime (for switchovers) or unscheduled downtime (for failovers) - the latter being a disaster scenario. Since Primary Database sessions will be closed, you can browse them using the link on the page. This is used in real life disaster situations when the Primary Database has failed (for any reason whatsoever) and is no longer available.
An Oracle Data Guard far sync instance is actually a remote Oracle Data Guard destination that accepts redo from the primary database. As such it cannot be opened for access, cannot run redo apply, and can never become a primary database or even any type of standby database. However, externally created Far Sync instances will show up on the Data Guard Administration page. The web interface provided by Oracle for creating and managing Data Guard configurations is advanced in all aspects, and extremely easy to use.
They can also easily perform Switchovers or Failovers to the standby, in the case of planned or unplanned downtime, and they can do all this from the Enterprise Manager Cloud Control 12c console, or the dgmgrl interface. Advanced features of Oracle Data Guard in different Database versions are visible corresponding to the version, and automatically offered to the DBA, thus reducing the learning curve. Enterprise Manager Cloud Control 12c can therefore be very useful in implementing Oracle Data Guard for the varied Oracle Database versions in a large company. A Double Oracle Certified Master (OCM) in Oracle 10g and Oracle 11g, Porus has more than 25 years of experience in the IT industry, including more than 18 years of experience using Oracle technologies.




Best reliable online storage google
Symantec backup exec cloud shutdown windows
How to create cloud service package example


Comments

  1. 24.08.2014 at 12:30:38


    Lists their pricing at $4 per workstation , plus tiering to cloud storage, as an oracle cloud control 12c start and stop extension of SmartPools, which enables.

    Author: NEW_WORLD
  2. 24.08.2014 at 21:40:50


    Robust small business options are development experience, all.

    Author: ElektrA_CakO
  3. 24.08.2014 at 13:38:45


    Apple, Verizon, Microsoft, AOL, Level 3, and.

    Author: FASHION_GIRL
  4. 24.08.2014 at 22:56:41


    Off your online backup as a mysterious blob of data that's only.

    Author: Lewis